The present invention relates to facilitating cross security-domain processing within a multi-system computing environment.
Over time, multi-system computing environments have developed comprising the same or different operating systems and software requirements. These systems may be within the same or different security domains, with each security domain maintaining its own set of user security credentials. Within a security domain, a user registry is provided which includes a list of users and information, such as a user ID and password, that is used, for example, to authenticate a user when the user requests access to the domain. Note that the user may be a human user, or may be a software process that is assigned a local user identity, such as a print server. Each domain typically has its own administrative tools that allows its system administrator to add, delete, or modify user identities in the user registry. With a multiple domain environment that has several different systems, this means that the system administrator must learn and become proficient in the several different tools that handle identity management in the respective domains.
One way to avoid having multiple user identities for the same user is to force all applications and systems to share a common user registry. This approach may be viable in a homogenous environment (e.g., in a network that only has computers of the same platform type sharing a common security manager and a common security database). However, implementing this approach on a computing environment that includes several different security domains would require that each system and each application be rewritten to access some common user registry for the computing environment. This is not a workable solution.